Video Screencast Help

Mail and Web Security Blog

Showing posts in English
Ian McShane | 15 Apr 2014 | 0 comments

Last week, we shared details of how the HeartBleed OpenSSL vulneratbility affected our Email & Web Security products.

The newest feature in our Web product, the ability to analyze and control data over HTTPS communications, was found to be vulnerable and was taken offline immediately on April 9th 2014.  No other features, functionality or services were impacted.

I'm happy to announce that over the past weekend, we completed the work necessary to be able to restore this functionality.  With visibility into both unencrypted HTTP and encrypted HTTPS traffic, Symantec Web can secure users from malware, enforce web usage policy and prevent sensitive and confidential data from leaving the network.

As a reminder, the following products and services are NOT at risk and...

Ian McShane | 10 Apr 2014 | 2 comments

By now you should be well aware of the vulnerability CVE-2014-0160, nicknamed HeartBleed, that exists in a number of versions of OpenSSL - an extremely popular open source cryptographic library.

Yesterday, we provided some guidance on steps businesses and consumers should take in light of this vulnerability.

We have also made it very simple to inspect and verify many aspects of SSL certificate security, including whether a server is still vulnerable to the HeartBleed attack.

We are extremely sensitive to the anxiety felt by customers who rely on our software and services as a core part of their work and personal lives.  So today, I want to give you an...

Ian McShane | 27 Mar 2014 | 0 comments

One of the oldest tricks in the book for spammers is to spoof or forge the "From" address so that the email appears to come from a legitimate source.

This month, Symantec is introducing DMARC Validation as a free upgrade for Email customers, further enhancing our protection against these types of spam, targeted attacks and phishing messages.

Once customers enable this new functionality, Symantec will automatically check if sending domain owners have a published DMARC policy and check that the email is legitimate. 

Big, popular brands are often used in phishing and scam email attacks and I'm sure you've seen some of them first hand.
This is why over 80,000 domains have published DMARC policies and since 2011 it has been quickly adopted by some of the largest global brands and email senders such as Paypal, Twitter,, Yahoo! Mail, Facebook, LinkedIn and Bank of America.


dougbowers | 19 Nov 2013 | 2 comments

Most people today rely on email as their method for business communication – sending and receiving hundreds of emails every day. This dependence on email can create a weak link in securing corporate information and expose a company to attacks. While hackers still use general spam emails and social engineering (or phishing) attacks against organizations, they are now increasingly pursuing sophisticated and targeted attacks that are far more difficult to differentiate from the emails we typically receive. In fact, Symantec’s 2013 Internet Security Threat Report found a 42 percent increase in targeted attacks in 2012.  

Most spam emails are relatively easy to identify and quarantine, but targeted attacks are customized for their recipients, making them harder to spot. For example, a company’s HR department could receive an email that requests that they click on a link to...

Spencer Parkinson | 02 Oct 2013 | 0 comments

Information Security™ magazine and recently announced the winners of its 2013 Reader’s Choice Awards, which were selected based on feedback by customers who were asked to assess products deployed within their organizations. We’re excited to announce that Symantec was honored with eight awards – four Gold, two Silver and two Bronze –demonstrating significant representation across our diverse portfolio of market-leading security solutions.

Included below is a complete list of Symantec’s wins, which will be featured in the October edition of Information Security magazine and are highlighted online at

The Information Security magazine and 2013 Readers’ Choice Award winners were selected based on extensive, in-depth discussions and...

Duncan Mills | 27 May 2013 | 1 comment

Part 3 – what you should look for when choosing a cloud security provider.

In the first two parts of this 3-part blog we highlighted the importance of choosing a financially secure and stable organisation; one that you can trust with your data and the protection of your people and information from a constantly changing threat landscape. Here are some of the other important things to look for when choosing your security services provider.

Service level agreements are extremely important. Someone else is processing your emails and web traffic, both of which are business critical, so look for SLAs around all aspects of the service. Read past the headline SLAs to ensure that they are backed by meaningful, financial remedies. The provider should be transparent and publish their performance against the SLAs. This is how you can be sure that they are confident in their own ability to execute.  


Duncan Mills | 20 May 2013 | 0 comments

Part 2 – the impact of the changing threat landscape.

In the first part of this 3-part blog we looked at changes in the cloud security industry and how mergers and acquisitions and vendors’ changing strategies have impacted their customers. In part 2 we will look at how the threat landscape has changed and what this means to those organisations that rely on a cloud email and web security vendor.

Early entrants into the SaaS email security market quickly realised that they were in a unique position to offer better protection than their competitors that were producing on-premises products. Because they were protecting, in some cases, tens of thousands of customers, they had visibility of the end-to-end flow of millions of emails. This meant they had a significant amount of security intelligence that they could use to identify suspicious emails and protect against zero-day threats.

Today it is common for email and web security vendors...

Duncan Mills | 16 May 2013 | 0 comments

The increased use in the workplace of user-owned devices such as smartphones and tablets, often referred to as bring your own device (BYOD), provides businesses with significant productivity and cost benefits. However, it also presents a number of complex challenges related to security.

Due to the rise of smart media devices like smartphones, tablets and ultrabooks, it is estimated that potentially, as many as 30-35%* of endpoints connected to a company’s network could be unmanaged. These are more at risk than managed endpoints which are typically subject to software patching and endpoint security policies.

Of course unmanaged endpoints are still protected by your perimeter security, such as secure web gateways. However, these have typically evolved from caching proxies and URL filters. What you need is an additional layer of security that provides the best possible levels of protection for unmanaged endpoints.

Symantec Web Gateway (SWG) will...

wib3rd | 15 May 2013 | 7 comments

Symantec Messaging Gateway 10.5 Pre-release Evaluation


On June 25th, 2013 Symantec will be launching the pre-release evaluation of Symantec Messaging Gateway 10.5. This new version of Symantec Messaging Gateway plans to introduce new features including.


  • Remove Zero Day Malware and Targeted Attacks from Office and PDF attachments with new “Disarm” technology.
  • Block more Spam and Malware with Expanded Threat URL Reputation
  • Simplify management with LDAP Authenticated Administration
  • Enhanced management of Unscannable Messages
  • Communicate securely with trusted partners using enforced inbound TLS encryption
  • Increase security with TLS encrypted delivery to Symantec DLP
  • Control Spam attacks and message volume from inside the your environment with Outbound Sender Throttling Capability
  • Deploy using new Hyper-V support


The Symantec ...

Duncan Mills | 10 May 2013 | 0 comments

Part 1 – changes in the industry

The email and web security industry has seen many changes over the past years, especially in the cloud or SaaS market. Many vendors in this space started by offering email anti-malware and anti-spam services. They then added email content control and web anti-malware and URL filtering.

Some vendors invested heavily, built their own multi-tenant infrastructure, patented their technology and owned intellectual property, whilst others simply purchased and deployed enterprise equipment into datacenters and managed it on behalf of their customers. Some were more serious about security than others, offering multiple signature-based AV engines as well as proprietary protection technologies and elements of data loss prevention.

Around the mid 2000s the market became quite crowded, with a number of large cloud email and web security vendors, some mid-sized ones and lots of smaller, local players. In the second half...